Detections
Analytics

CVE-2024-12727

critical

Description

A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode.

References

https://latesthackingnews.com/2025/01/03/sophos-firewall-vulnerabilities-could-allow-remote-attacks/

https://www.securityweek.com/sophos-patches-critical-firewall-vulnerabilities/

https://www.bleepingcomputer.com/news/security/sophos-firewall-vulnerable-to-critical-remote-code-execution-flaw/

https://thehackernews.com/2024/12/sophos-fixes-3-critical-firewall-flaws.html

https://securityaffairs.com/172179/security/sophos-firewall-critical-vulnerabilities.html

https://www.sophos.com/en-us/security-advisories/sophos-sa-20241219-sfos-rce

Details

Source: Mitre, NVD

Published: 2024-12-19

Updated: 2024-12-19

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00255